Announcement Announcement Module
No announcement yet.
Spring 3.0 NTLM error Not a Type 3 Message Page Title Module
Move Remove Collapse
This topic is closed
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • Spring 3.0 NTLM error Not a Type 3 Message

    Below are the relevant excerpts from my Spring configuration. I'm not a NTLM expert, I've read all of the relevant documentation and searched for the error and nothing I have tried seems to get past the error. I am hitting the app as a user A, but the only valid login is Login B,I get the login page and I try to login with user B credentials, but I get the Type 3 message error at that point. Does anyone have any ideas?

    <security:http use-expressions="true" auto-config='false'
    realm="cip" entry-point-ref="ntlmProcessingFilterEntryPoint">

    <security:custom-filter position="NTLM_FILTER " ref="ntlmProcessingFilter" />


    <security:authentication-manager alias="authenticationManager">
    ref="ntlmAuthProvider" user-service-ref="userDetailsService" />
    ref="ldapAuthProvider" user-service-ref="userDetailsService" />-->

    <!-- =========================================== NTLM Config ================================================== ==== -->

    <bean id="ntlmAuthProvider" class="com.bbvacompass.acegi.NtlmAuthenticationPro vider">
    <ref local="ntlmAwareLdapAuthenticator" />
    <ref local="authoritiesPopulator" />
    <property name="userDetailsContextMapper" ref="userDetailsContextMapper" />

    Bind and populate user from NTLM token

    constructor = initial context factory defined above
    userSearch = userSearch defined above
    <bean id="ntlmAwareLdapAuthenticator" class=" uthenticator.NtlmAwareLdapAuthenticator">
    <constructor-arg ref="initialDirContextFactory"/>
    <property name="userSearch" ref="userSearch"/>

    <bean id="ntlmAuthenticationManager" class=" .ProviderManager">
    <property name="providers">
    <ref bean="ntlmAuthProvider" />

    <bean id="ntlmProcessingFilter" class=" ocessingFilter">
    <property name="defaultDomain" value="CompassNT"/>
    <property name="netbiosWINS" value="${${site}.netbiosWINS}"/>
    <property name="domainController" value="${${site}.domainController}"/>
    <property name="smbClientUsername" ref="serviceAccount"/>
    <property name="smbClientPassword" ref="serviceAccountPassword"/>
    <property name="authenticationManager" ref="ntlmAuthenticationManager"/>

    <bean id="ntlmAccessDeniedHandler" class=" essDeniedHandlerImpl">
    <property name="errorPage" value="/login.jsp?failure=true"/>

    <bean id="ntlmProcessingFilterEntryPoint" class=" ocessingFilterEntryPoint">
    <property name="authenticationFailureUrl" value="/login.jsp" />

    <bean id="ntlmExceptionTranslationFilter" class=" eptionTranslationFilter">
    <property name="authenticationEntryPoint">
    <ref bean="ntlmProcessingFilterEntryPoint"/>
    <property name="accessDeniedHandler">
    <ref bean="ntlmAccessDeniedHandler" />

    [9/18/09 6:46:53:314 CDT] 00000029 SystemOut O 06:46:53,314 DEBUG [ ontextPersistenceFilter] SecurityContextHolder now cleared, as request processing completed
    [9/18/09 6:46:53:361 CDT] 00000029 FFDCJanitor I doCleanupIfNeeded FFDC0004I: FFDC log file management removed 44 of 44 files that have reached their configured maximum age
    [9/18/09 6:46:53:377 CDT] 00000029 WebApp E [Servlet Error]-[Filter [springSecurityFilterChain]: filter is unavailable.]: Not a Type 3 message.
    at jcifs.ntlmssp.Type3Message.parse( :546)
    at jcifs.ntlmssp.Type3Message.<init>(Type3Message.jav a:208)
    at gFilter.processType3Message(NtlmProcessingFilter.j ava:393)
    at gFilter.doFilter(
    at$ VirtualFilterChain.doFilter( 356)
    at ranslationFilter.doFilter(ExceptionTranslationFilt
    at$ VirtualFilterChain.doFilter( 356)
    at onymousProcessingFilter.doFilter(AnonymousProcessi
    at$ VirtualFilterChain.doFilter( 356)
    at ontextHolderAwareRequestFilter.doFilter(SecurityCo
    at$ VirtualFilterChain.doFilter( 356)
    at estCacheAwareFilter.doFilter(RequestCacheAwareFilt
    at$ VirtualFilterChain.doFilter( 356)
    at ontextPersistenceFilter.doFilter(SecurityContextPe
    at$ VirtualFilterChain.doFilter( 356)

  • #2
    Note that NTLM support will be discontinued in Spring Security 3, in favour of kerberos:


    • #3

      Thanks Luke, I had already read that before. I was just hoping that I could get this working temporarily. I guess I need to find a good Kerberos example and find a way to implement it within our organization or use some other mechanism.

      I need Single Sign On with our internal system and it is Active Directory and I am quickly running out of options for making this work without writing an entire solution myself.

      Will the new Kerberos solution work with Active Directory or do we need a second system to proxy the authentication from Kerberos to Active Directory?


      • #4
        Yes, it will work with AD. Mike will publish a blog article on it, but he is currently on holiday.


        • #5

          That's great. Is there currently any documentation out there on it at all? I'd love to attempt to get it working over the weekend. Just a crude example would be nice. I have a my configuration working with Active Directory, I just need to convert it to utilize Kerberos I guess and I should be good. If I could get it working, I could donate my configuration as an example.


          • #6
            There is already a sample application I believe, but the difficult part is in configuring kerberos for your system.


            • #7

              I may be SOL. Getting anything configured around here is an act of congress. That may present an issue. Thanks for the information.


              • #8
                Well, you can point out that NTLM is less secure and that Kerberos is recommended instead. Kerberos is the default authentication mechanism used by Active Directory these days.


                • #9
                  Kerberos Sample

                  Luke - I really need to find that sample application. Where would it be located?



                  • #10